Windows8 Location Platform

What this feature does

If you choose to turn on the Windows Location Platform, apps you install from the Windows Store, as well as some Windows features, can ask for permission to determine your PC’s location. If you let an app use your location, in addition to providing your location while you use the app, Windows Location Platform can tell the app when your PC moves inside or outside of app-defined geographical boundaries. For example, an app could let you set a reminder to pick up groceries when you leave work. Depending on your system’s configuration, the Windows Location Platform may determine your PC’s location using hardware, such as a GPS sensor, or software, such as Windows Location Provider.

Windows Location Platform doesn’t prevent apps from determining your PC’s location in other ways. For example, you can install devices (such as a GPS receiver) that might send location information directly to an app and bypass the platform. Regardless of your Windows Location Platform settings, online services can use your IP address to determine its approximate location—usually the city your PC is in.

Information collected, processed, or transmitted

The Windows Location Platform itself doesn’t transmit any information from your PC, but individual location providers (such as the Windows Location Provider) might transfer information when Windows Location Platform asks them to determine your PC’s location. Apps, websites, and features that are authorized to use the platform to determine your PC’s location could also transmit or store that information. If an app sets up geographical boundaries to monitor, those boundaries are stored encrypted on your PC. The information stored about these boundaries includes a name, a location, and whether your PC was inside or outside the boundary the last time its location was determined. Apps that set up geographical boundaries might transmit or store this information.

Use of information

If you turn on the Windows Location Platform, authorized apps, websites, and Windows features will be able to access your PC’s location and use it to give you personalized content. If you use a third-party app or location provider, its use of your PC’s location is subject to the third party’s privacy practices. Before you download a Windows Store app, you’ll be able to see whether the app is location-aware in the app description.

Choice and control

By choosing express settings during Windows Setup, you turn on the Windows Location Platform. If you choose to customize settings, you can control the Windows Location Platform by selecting Let Windows and apps request my location from the Windows Location Platform under Share info with Microsoft and other services. The first time each Store app requests your PC’s location, Windows will ask whether you want to allow the app to use your location. You can view and change this setting for each Store app in Permissions in the app’s settings.

If you use a desktop app that uses Windows Location Platform, it should ask your permission to use your PC’s location, and when it accesses your PC’s location, an icon will appear in the notification area to alert you that your PC’s location has been accessed. Each user can control their own location settings for apps in Privacy in PC settings. In addition, administrators can choose to turn off the location platform for all users in Location Settings in Control Panel. To prevent apps from being notified when geographic boundaries defined by apps are crossed, an administrative user can turn off the Windows Location Framework Service in Control Panel.

What this feature does

The Windows Location Provider connects to the online Microsoft Location Service, which helps determine your PC’s approximate location based on Wi-Fi networks near your PC and your PC’s IP address.

Information collected, processed, or transmitted

When an app you’ve authorized to receive your location requests it, the Windows Location Platform will ask all installed location providers (including Windows Location Provider) to determine your PC’s current location. The Windows Location Provider will first check to see if it has a stored list of nearby Wi-Fi access points from a prior request made by a location-aware app. If there isn’t already a list of nearby Wi-Fi access points, or the list is out of date, the provider sends information about nearby Wi-Fi access points and GPS information (if available) to the Microsoft Location Service. The service returns your PC’s approximate location back to the provider, which passes the location to the Windows Location Platform, which in turn provides it to the app that requested your PC’s location. Windows Location Provider may also update its stored list of Wi-Fi access points. The Windows Location Provider maintains this list so it can determine your PC’s approximate location without connecting to the Internet each time. This list of access points is encrypted when stored on disk so that apps can’t directly access it.

The information that’s sent about nearby Wi-Fi access points includes BSSID (the MAC address of the Wi-Fi access point) and signal strength. The GPS information includes observed latitude, longitude, direction, speed, and altitude. To help protect your privacy, Windows Location Provider doesn’t send any information to uniquely identify your PC beyond the standard computer information sent with all connections to the Internet. To help protect the privacy of Wi-Fi network owners, Windows doesn’t send information about SSIDs (Wi-Fi access point names) or hidden Wi-Fi networks. For privacy and security purposes, information sent about Wi-Fi networks is sent encrypted via SSL.

If you choose to help improve the Microsoft Location Service, Windows might send information about nearby Wi-Fi access points to Microsoft again after an app has requested your PC’s location. If you’re using a metered Internet connection, Windows will limit the number of times per day it sends this information to limit the use of your Internet connection.

Use of information

The information is used by the Windows Location Provider to give Windows Location Platform the approximate location of your PC when an authorized app requests it.

If you choose to help improve the Microsoft Location Service, the Wi-Fi and GPS info sent to Microsoft is used to improve Microsoft’s location services, which in turn helps to improve the location services provided to your apps. Microsoft doesn’t store any data collected from this service that could be used to identify, contact, target advertising to you, or to track or create a history of your PC’s location.

Choice and control

The Windows Location Provider is used only if an authorized app has requested your PC’s location. For more info about how to control whether apps can request your PC’s location, see the Windows Location Platform section. If you authorize apps to request your PC’s location, the cached list of nearby Wi-Fi access point locations that are encrypted and stored by the Windows Location Provider will be deleted and replaced periodically.

If you choose express settings while setting up Windows, you choose to help improve the Microsoft Location Service. If you choose to customize settings, you can control whether to help improve the Microsoft Location Service by selecting Send some location data to Microsoft when location-aware apps are used under Help improve Microsoft products and services. After setting up Windows, you can change this setting in Location Settings in Control Panel. If you choose not to help improve the service, you will still be able to use the Windows Location Provider to determine your PC’s approximate location.

You can turn the Windows Location Provider on or off by opening Turn Windows features on or off in Control Panel. If you turn off the Windows Location Provider, you can still use other location providers (such as GPS) with the Windows Location Platform.

If you use Windows Defender, Microsoft Active Protection Service (MAPS) can help better protect your PC by automatically downloading new signatures for newly-detected malware, and monitoring the security status of your PC. MAPS will send information about malware and other potentially unwanted software to Microsoft, and may also send files that could contain malware. If MAPS detects that your PC is infected with certain types of malware, MAPS might automatically contact you through your Microsoft account to help solve the problem.

Information collected, processed, or transmitted

MAPS reports include information about potential malware files, such as file names, cryptographic hash, software publisher, size, and date stamps. In addition, MAPS might collect full URLs to indicate the origin of the files, as well as the IP addresses that the potential malware files connect to. These URLs might occasionally contain personal information such as search terms or data entered in forms. Reports might also include the actions you took when Windows Defender notified you that the potentially unwanted software was detected. MAPS includes this information to help Microsoft gauge how effectively Windows Defender can detect and remove malware and potentially unwanted software, and to attempt to identify new malware.

Reports are automatically sent to Microsoft when:

If you choose to join MAPS while setting up Windows, you join with a basic membership. Basic membership reports contain the information described in this section. Advanced membership reports are more comprehensive and might occasionally contain personal information, for example, file paths and partial memory dumps. These reports, along with reports from other Windows Defender users who are participating in MAPS, help our researchers discover new threats more rapidly. Malware definitions are then created, and these updated definitions are made available to all users through Windows Update.

If you join MAPS, Windows Defender might send specific files or web content from your PC that Microsoft suspects might be potentially unwanted software. The sample report is used for further analysis. If a file is likely to contain personal information, you will be prompted before it is sent. If Windows Update hasn’t been able to obtain updated signatures for Windows Defender for a period of time, Windows Defender will attempt to use MAPS to download signatures from an alternate download location.

To help protect your privacy, all information sent to MAPS is sent encrypted via SSL.

To help detect and fix certain kinds of malware infections, Windows Defender regularly sends MAPS some information about the security state of your PC. This includes information about your PC’s security settings and log files describing the drivers and other software that load while your PC starts. A number that uniquely identifies your PC is also sent.

Use of information

Reports sent to MAPS are used to improve Microsoft software and services. The reports might also be used for statistical, testing, or analytical purposes, and for generating definitions. MAPS doesn’t intentionally collect personal information. To the extent that MAPS might unintentionally collect any personal information, Microsoft won’t use the information to identify, contact, or target advertising to you.

The information about your PC’s security state that MAPS collects is used to determine if certain kinds of malware have infected your PC. In this case, Microsoft uses the contact information in your Microsoft account to contact you with details about the problem and how to fix it.

Choice and control

If you choose express settings while setting up Windows, you turn on MAPS. If you choose to customize settings, you can control MAPS by selecting Get better protection from malware by sending info and files to Microsoft Active Protection Service when Windows Defender is turned on under Share info with Microsoft and other services. After setting up Windows, you can change your MAPS membership or settings, including turning off MAPS, in the Settings menu in Windows Defender.

If you receive the Malicious Software Removal Tool through Windows Update, it might send similar information to MAPS even if Windows Defender is turned off. For more info, read the Windows Malicious Software Removal Tool privacy statement at:

http://go.microsoft.com/fwlink/?LinkId=113995

What this feature does

To provide personalized content, apps can request your name and account picture from Windows. Your name and account picture are displayed under Your account in Accounts in PC settings. If you sign in to Windows with a Microsoft account, Windows will use the name and account picture associated with that account. If you haven’t chosen a picture for your account, your account picture will be a default picture provided by Windows.

Information collected, processed, or transmitted

If you allow apps to access your name and account picture, Windows will provide that information to all apps that request it. Apps might store or transmit this information.

If you sign in to Windows with a domain account, and you choose to allow apps to use your name and account picture, apps that can use your Windows credentials will be allowed to access certain other forms of your domain account information. This information includes, for example, your user principal name (like jack@contoso.com) and DNS domain name (like corp.contoso.com\jack).

If you sign in to Windows with a Microsoft account, or if you sign in to Windows with a domain account connected to a Microsoft account, Windows can automatically sync your account picture on your PC with your Microsoft account picture.

Use of information

If you use a third-party app, how the app uses your name and account picture is subject to the third party’s privacy practices. If you use a Microsoft app, the app’s privacy practices will be explained in its privacy statement.

Choice and control

If you choose express settings while setting up Windows, Windows will allow apps to access your name and account picture. If you choose to customize settings, you can control access to your name and account picture by selecting Let apps use my name and account picture under Share info with Microsoft and other services. After setting up Windows, you can change this setting in Privacy in PC settings. You can change your account picture in Accounts in PC settings. You can also choose to allow certain apps to change your account picture.

If you choose to sync your settings, changes you make to the name or account picture associated with your Microsoft account online will also apply to your PC. For example, if you change your account picture on profile.live.com, it will apply to your PC as well. Similarly, if you change your account picture on your PC, it will become your Microsoft account picture. For information about how to control syncing, see the Sync your settings section.

What this feature does

To provide more relevant advertising, Windows allows apps to access a unique identifier for each user on a device. You can reset or turn off access to this identifier at any time.

Information collected, processed, or transmitted

If you allow apps access to the advertising identifier Windows will provide it to all apps that request it. Apps might store or transmit this information.

Use of information

Your advertising identifier is used by app developers and advertising networks to provide more relevant advertising to you by understanding which apps you use and how you use them. It can also be used by app developers to improve quality of service by allowing them to determine the frequency and effectiveness of ads and to detect fraud and security issues.

If you use a third-party app, how the app uses your advertising identifier is subject to the third party’s privacy practices.

Choice and control

If you choose express settings while setting up Windows, Windows will allow apps to use your advertising identifier. If you choose to customize settings, you can control access to your advertising identifier by selecting Let apps use my advertising identifier for experiences across apps under Share info with Microsoft and other services. After setting up Windows, you can change this setting in Privacy in PC settings. If you turn this setting off, no information is sent to apps that request your advertising identifier. If you choose to turn the setting on again, a new identifier will be generated.